Last week I attended the Privacy and Security Forum at George Washington University. Here are a few points to ponder.
• Privacy by design or privacy by default? Functionality requires design. Privacy by default means there is a malfunction.
• In a breach response, “privilege is the playbook.” Privilege determines who does what, when you do it, how you do it and who you share it with.
• In a breach response, proper communication is key, whether it be with the board, customers, insurers, law enforcement or regulators. Companies need to balance communications with running a business even though business instincts may be at odds with a legally sound breach response.
• Why do courts struggle to find harm in massive breach cases? Is it because the consequences of a breach – such as changing passwords – are considered just an inconvenience and not actual harm? Is a data breach too vague because it involves thousands of people with “innocuous” complaints?
• Is the health industry lulled into thinking that its “space” on the privacy spectrum is relatively settled, compared to other industries still sorting out which regulations even apply?
• E-commerce is tailored and targeted. Legal online price discrimination occurs when e-merchants adjust prices or display different offers to different users, depending on their browsing history, their device (Mac or PC, desktop or mobile) or their location.